Passed last November, the law is largely aimed at protecting China's networks and private user information at a time when the recent WannaCry ransomware attack showed any country can be vulnerable to cyber threats.
But companies have pleaded with the government to delay the legislation's implementation amid concerns about unclear provisions and how the law would affect personal information and cloud computing.
The government appears to still be scrambling to finalise the rules.
Just two weeks ago, Zhao Zeliang, director of the cybersecurity bureau, gathered some 200 representatives from foreign and domestic companies and industry associations at the new headquarters of the Cybersecurity Administration of China (CAC) in Beijing.
The May 19 discussion centred on a draft of the rules for transferring personal data overseas, participants told AFP.
Attendees received an updated version of the document, as well as Zhao's assurance that regulators would remove some of the language that had received strong objections, they said.
The new document, obtained by AFP, removed a contentious requirement for companies to store customers' personal data in China.